Opened 6 weeks ago

Last modified 4 weeks ago

#31978 needs_information defect

Support use of policies.json

Reported by: segfault Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: AffectsTails
Cc: segfault@…, intrigeri Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

At Tails, we are currently having trouble porting our customizations for Tor Browser 9. What would really help is the functionality of policies.json. I see that you add support for using policies.json with Tor Browser in #29445, but then reverted that fix in #29916.

In #29916#comment:7 and #29916#comment:8, you state that setting browser.policies.testing.disallowEnterprise=true should be enough to fix #29916. So would it be possible to reintroduce the fix for #29445, so that we can set browser.policies.testing.disallowEnterprise=false in Tails and make use of the policies.json?

Child Tickets

Change History (5)

comment:1 Changed 6 weeks ago by gk

Status: newneeds_information

Wouldn't that mean you need to back out the patch for #30575, too? I would not be very happy to do that and would object doing that for all platforms. If we don't find a better solution we could think about supporting policies.json for Linux only. I wonder, though, whether one could fix your original problems without hacking around them with policies.json.

So, what are your issues? Do you know what is causing them?

comment:2 Changed 6 weeks ago by segfault

Wouldn't that mean you need to back out the patch for #30575, too?

Yes, indeed.

I would not be very happy to do that and would object doing that for all platforms.

I understand.

If we don't find a better solution we could think about supporting policies.json for Linux only. I wonder, though, whether one could fix your original problems without hacking around them with policies.json.

So, what are your issues? Do you know what is causing them?

We were able to find workarounds for most of the issues now. Two issues which we couldn't solve yet are:

  • "Tor Browser 9 sometimes won't load new URLs" [1].
  • "JavaScript sometimes blocked on Tor Browser first start" [2].

To be honest, I'm not sure how policies.json would help us with those. The customizations which policies.json would make simpler for us are:

  • Enable a custom theme for our Unsafe Browser (which is also a customized Tor Browser) [3]. The current workaround requires us to ship a addonStartup.json.lz4 file, which Firefox/Tor Browser usually generated when it's started.
  • Disabling the update check [4].

We're worried that our workarounds to keep the customizations working are using methods that are unsupported by Mozilla (for example patching and repacking tor-browser/browser/omni.ja, and shipping addonStartup.json.lz4), require more and more hacks, and may be the root cause for more and more weird behavior ([1] and [2] for example). Using policies.json would allow us to drop some of these hacks, especially the addonStartup.json.lz4 file and some preferences we set in omni.ja.

[1] https://redmine.tails.boum.org/code/issues/17121
[2] https://redmine.tails.boum.org/code/issues/17007
[3] https://redmine.tails.boum.org/code/issues/17055
[4] https://redmine.tails.boum.org/code/issues/17114

comment:3 in reply to:  2 Changed 6 weeks ago by gk

Replying to segfault:

Wouldn't that mean you need to back out the patch for #30575, too?

Yes, indeed.

I would not be very happy to do that and would object doing that for all platforms.

I understand.

If we don't find a better solution we could think about supporting policies.json for Linux only. I wonder, though, whether one could fix your original problems without hacking around them with policies.json.

So, what are your issues? Do you know what is causing them?

We were able to find workarounds for most of the issues now. Two issues which we couldn't solve yet are:

  • "Tor Browser 9 sometimes won't load new URLs" [1].
  • "JavaScript sometimes blocked on Tor Browser first start" [2].

So, the second one is not new with Tor Browser 9, if I see that correctly, right? The first one, hrm. I believe I have seen that once or twice weeks ago with early Tor Browser nightly versions but I never encountered it again. So, maybe that one has been a different/fixed issue.

Can you run tests with customized Tor Browser versions, like disabling some extensions etc.? If so, I'd suggest doing that and seeing whether the Jenkins results get better. Have you tried running the Tor Browser as we ship it in your test setup to see whether that test fails with our stuff randomly as well? It could be that your customizations make this (more) problematic.

To be honest, I'm not sure how policies.json would help us with those. The customizations which policies.json would make simpler for us are:

  • Enable a custom theme for our Unsafe Browser (which is also a customized Tor Browser) [3]. The current workaround requires us to ship a addonStartup.json.lz4 file, which Firefox/Tor Browser usually generated when it's started.
  • Disabling the update check [4].

We're worried that our workarounds to keep the customizations working are using methods that are unsupported by Mozilla (for example patching and repacking tor-browser/browser/omni.ja, and shipping addonStartup.json.lz4), require more and more hacks, and may be the root cause for more and more weird behavior ([1] and [2] for example). Using policies.json would allow us to drop some of these hacks, especially the addonStartup.json.lz4 file and some preferences we set in omni.ja.

Fair enough. I think we would be amenable to accept a patch just for the Tails case if that helps you. I have no idea right now how that would look like, though, given that the current way of doing things prevents real proxy bypass scenarios. So, we need to be careful here.

comment:4 Changed 4 weeks ago by intrigeri

Keywords: AffectsTails added

comment:5 Changed 4 weeks ago by intrigeri

Cc: intrigeri added
Note: See TracTickets for help on using tickets.